The Network Security Toolkit web based user interface (WUI) provides many links to launch X based applications. In order to use these links, all of the following conditions must be met:
The client machine must be running a X server. Windows machines do not support this natively - but you can use packages from http://www.cygwin.com/ to add this capability.
The machine running the X server
must have its firewall rules set such that
TCP connections to the
X server port are permitted. This will
typically be port 6000
.
The X server on your client machine
must permit TCP connections. By default,
many distributions disable this feature. You can scan the
X server port (typically port
6000
) to determine if the
X server is accepting external
TCP connections.
You must run the xhost command on your X server to add the IP address of the Network Security Toolkit probe. This will allow the Network Security Toolkit probe to make use of your client machine's X server as its display.
By default, Fedora Core
distributions which use the gdm desktop
manager do not permit TCP connections to
the X server. You can used
the gdmsetup utility to enable this
feature. Alternatively, you can add (or modify) the following
line in your /etc/gdm/custom.conf
(if you
are running a version of Fedora prior to Fedora Core 5, the
configuration file is:
/etc/X11/gdm/gdm.conf
).
[security] # Adding the following to the [security] section will # allow TCP connections to the X server DisallowTCP=false
After updating the gdm configuration, you will need to restart gdm. This can be done using the gdm-restart utility or by killing the gdm process.
[pkb@salsa fc2]$
ps -ef | grep gdm
root 1606 1 0 Nov02 ? 00:00:00 /usr/bin/gdm-binary -nodaemon root 1804 1606 0 Nov02 ? 00:00:00 /usr/bin/gdm-binary -nodaemon root 1815 1804 2 Nov02 ? 00:31:22 /usr/local/bin/X :0 -audit 0 -auth /var/gdm/:0.Xauth vt7 pkb 8482 1940 0 06:53 pts/0 00:00:00 grep gdm[pkb@salsa fc2]$
kill 1606
Lets show a simple example of displaying the xclock application from a Network Security Toolkit probe (192.168.128.3) to a Fedora Core 2 workstation (192.168.128.4).
First lets try to display xclock on the Fedora Core 2 workstation (192.168.128.4).
[root@probe tmp]$
export DISPLAY=192.168.128.4:0.0; xclock &
[root@probe root]# Xlib: connection to "10.222.222.14:6.0" refused by server Xlib: Client is not authorized to connect to Server Error: Can't open display: 192.168.128.4:0.0 [1]+ Exit 1 xclock
One can see that the Network Security Toolkit probe is not authorized to connect to the Fedora Core 2 workstation. We need to allow authorization for X services to the Network Security Toolkit probe (192.168.128.3) by using the xhost command. The xhost command is now run on the Fedora Core 2 workstation:
[root@fc2 tmp]$
xhost +192.168.128.3
[root@fc2 tmp]# xhost access control enabled, only authorized clients can connect INET:192.168.128.3
The xclock application will now be properly rendered on the Fedora Core 2 workstation's X screen 0:0.
[root@probe tmp]$
export DISPLAY=192.168.128.4:0.0; xclock &